Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "shill/openvpn_management_server.h" |
| 6 | |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 7 | #include <arpa/inet.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 8 | #include <netinet/in.h> |
| 9 | |
| 10 | #include <base/bind.h> |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 11 | #include <base/string_number_conversions.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 12 | #include <base/string_split.h> |
| 13 | #include <base/string_util.h> |
| 14 | #include <base/stringprintf.h> |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 15 | #include <chromeos/dbus/service_constants.h> |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 16 | |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 17 | #include "shill/error.h" |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 18 | #include "shill/event_dispatcher.h" |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 19 | #include "shill/glib.h" |
Christopher Wiley | b691efd | 2012-08-09 13:51:51 -0700 | [diff] [blame] | 20 | #include "shill/logging.h" |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 21 | #include "shill/openvpn_driver.h" |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 22 | #include "shill/sockets.h" |
| 23 | |
| 24 | using base::Bind; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 25 | using base::IntToString; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 26 | using base::SplitString; |
| 27 | using base::StringPrintf; |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 28 | using base::Unretained; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 29 | using std::string; |
| 30 | using std::vector; |
Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 31 | |
| 32 | namespace shill { |
| 33 | |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 34 | namespace { |
| 35 | const char kPasswordTagAuth[] = "Auth"; |
| 36 | } // namespace |
| 37 | |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 38 | const char OpenVPNManagementServer::kStateReconnecting[] = "RECONNECTING"; |
| 39 | const char OpenVPNManagementServer::kStateResolve[] = "RESOLVE"; |
| 40 | |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 41 | OpenVPNManagementServer::OpenVPNManagementServer(OpenVPNDriver *driver, |
| 42 | GLib *glib) |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 43 | : driver_(driver), |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 44 | glib_(glib), |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 45 | sockets_(NULL), |
| 46 | socket_(-1), |
| 47 | dispatcher_(NULL), |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 48 | connected_socket_(-1), |
| 49 | hold_waiting_(false), |
| 50 | hold_release_(false) {} |
Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 51 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 52 | OpenVPNManagementServer::~OpenVPNManagementServer() { |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 53 | OpenVPNManagementServer::Stop(); |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 54 | } |
Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 55 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 56 | bool OpenVPNManagementServer::Start(EventDispatcher *dispatcher, |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 57 | Sockets *sockets, |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 58 | vector<vector<string>> *options) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 59 | SLOG(VPN, 2) << __func__; |
Darin Petkov | e08084d | 2012-06-11 13:19:35 +0200 | [diff] [blame] | 60 | if (IsStarted()) { |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 61 | return true; |
| 62 | } |
| 63 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 64 | int socket = sockets->Socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 65 | if (socket < 0) { |
| 66 | PLOG(ERROR) << "Unable to create management server socket."; |
| 67 | return false; |
| 68 | } |
| 69 | |
| 70 | struct sockaddr_in addr; |
| 71 | socklen_t addrlen = sizeof(addr); |
| 72 | memset(&addr, 0, sizeof(addr)); |
| 73 | addr.sin_family = AF_INET; |
| 74 | addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); |
| 75 | if (sockets->Bind( |
| 76 | socket, reinterpret_cast<struct sockaddr *>(&addr), addrlen) < 0 || |
| 77 | sockets->Listen(socket, 1) < 0 || |
| 78 | sockets->GetSockName( |
| 79 | socket, reinterpret_cast<struct sockaddr *>(&addr), &addrlen) < 0) { |
| 80 | PLOG(ERROR) << "Socket setup failed."; |
| 81 | sockets->Close(socket); |
| 82 | return false; |
| 83 | } |
| 84 | |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 85 | SLOG(VPN, 2) << "Listening socket: " << socket; |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 86 | sockets_ = sockets; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 87 | socket_ = socket; |
| 88 | ready_handler_.reset( |
| 89 | dispatcher->CreateReadyHandler( |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 90 | socket, IOHandler::kModeInput, |
| 91 | Bind(&OpenVPNManagementServer::OnReady, Unretained(this)))); |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 92 | dispatcher_ = dispatcher; |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 93 | |
| 94 | // Append openvpn management API options. |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 95 | driver_->AppendOption("management", inet_ntoa(addr.sin_addr), |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 96 | IntToString(ntohs(addr.sin_port)), options); |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 97 | driver_->AppendOption("management-client", options); |
| 98 | driver_->AppendOption("management-hold", options); |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 99 | hold_release_ = false; |
| 100 | hold_waiting_ = false; |
| 101 | |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 102 | driver_->AppendOption("management-query-passwords", options); |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 103 | if (driver_->AppendValueOption(kOpenVPNStaticChallengeProperty, |
Paul Stewart | b26347a | 2013-08-02 12:12:09 -0700 | [diff] [blame] | 104 | "static-challenge", |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 105 | options)) { |
Paul Stewart | 406c473 | 2013-08-01 09:30:12 -0700 | [diff] [blame] | 106 | options->back().push_back("1"); // Force echo. |
Darin Petkov | 4646302 | 2012-03-29 14:57:32 +0200 | [diff] [blame] | 107 | } |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 108 | return true; |
| 109 | } |
| 110 | |
| 111 | void OpenVPNManagementServer::Stop() { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 112 | SLOG(VPN, 2) << __func__; |
Darin Petkov | e08084d | 2012-06-11 13:19:35 +0200 | [diff] [blame] | 113 | if (!IsStarted()) { |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 114 | return; |
| 115 | } |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 116 | state_.clear(); |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 117 | input_handler_.reset(); |
| 118 | if (connected_socket_ >= 0) { |
| 119 | sockets_->Close(connected_socket_); |
| 120 | connected_socket_ = -1; |
| 121 | } |
| 122 | dispatcher_ = NULL; |
| 123 | ready_handler_.reset(); |
| 124 | if (socket_ >= 0) { |
| 125 | sockets_->Close(socket_); |
| 126 | socket_ = -1; |
| 127 | } |
| 128 | sockets_ = NULL; |
| 129 | } |
| 130 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 131 | void OpenVPNManagementServer::ReleaseHold() { |
| 132 | SLOG(VPN, 2) << __func__; |
| 133 | hold_release_ = true; |
| 134 | if (!hold_waiting_) { |
| 135 | return; |
| 136 | } |
| 137 | LOG(INFO) << "Releasing hold."; |
| 138 | hold_waiting_ = false; |
| 139 | SendHoldRelease(); |
| 140 | } |
| 141 | |
| 142 | void OpenVPNManagementServer::Hold() { |
| 143 | SLOG(VPN, 2) << __func__; |
| 144 | hold_release_ = false; |
| 145 | } |
| 146 | |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 147 | void OpenVPNManagementServer::Restart() { |
| 148 | LOG(INFO) << "Restart."; |
| 149 | SendSignal("SIGUSR1"); |
| 150 | } |
| 151 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 152 | void OpenVPNManagementServer::OnReady(int fd) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 153 | SLOG(VPN, 2) << __func__ << "(" << fd << ")"; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 154 | connected_socket_ = sockets_->Accept(fd, NULL, NULL); |
| 155 | if (connected_socket_ < 0) { |
| 156 | PLOG(ERROR) << "Connected socket accept failed."; |
| 157 | return; |
| 158 | } |
| 159 | ready_handler_.reset(); |
Paul Stewart | 5f06a0e | 2012-12-20 11:11:33 -0800 | [diff] [blame] | 160 | input_handler_.reset(dispatcher_->CreateInputHandler( |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 161 | connected_socket_, |
| 162 | Bind(&OpenVPNManagementServer::OnInput, Unretained(this)), |
| 163 | Bind(&OpenVPNManagementServer::OnInputError, Unretained(this)))); |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 164 | SendState("on"); |
| 165 | } |
| 166 | |
| 167 | void OpenVPNManagementServer::OnInput(InputData *data) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 168 | SLOG(VPN, 2) << __func__ << "(" << data->len << ")"; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 169 | vector<string> messages; |
| 170 | SplitString( |
| 171 | string(reinterpret_cast<char *>(data->buf), data->len), '\n', &messages); |
| 172 | for (vector<string>::const_iterator it = messages.begin(); |
Darin Petkov | e08084d | 2012-06-11 13:19:35 +0200 | [diff] [blame] | 173 | it != messages.end() && IsStarted(); ++it) { |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 174 | ProcessMessage(*it); |
| 175 | } |
| 176 | } |
| 177 | |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 178 | void OpenVPNManagementServer::OnInputError(const Error &error) { |
| 179 | LOG(ERROR) << error; |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 180 | driver_->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | 3273da7 | 2013-02-13 11:50:25 +0100 | [diff] [blame] | 181 | } |
| 182 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 183 | void OpenVPNManagementServer::ProcessMessage(const string &message) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 184 | SLOG(VPN, 2) << __func__ << "(" << message << ")"; |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 185 | if (message.empty()) { |
| 186 | return; |
| 187 | } |
| 188 | if (!ProcessInfoMessage(message) && |
| 189 | !ProcessNeedPasswordMessage(message) && |
| 190 | !ProcessFailedPasswordMessage(message) && |
Darin Petkov | 16e7032 | 2013-03-07 15:54:23 +0100 | [diff] [blame] | 191 | !ProcessAuthTokenMessage(message) && |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 192 | !ProcessStateMessage(message) && |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 193 | !ProcessHoldMessage(message) && |
| 194 | !ProcessSuccessMessage(message)) { |
Darin Petkov | 16e7032 | 2013-03-07 15:54:23 +0100 | [diff] [blame] | 195 | LOG(WARNING) << "Message ignored: " << message; |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 196 | } |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 197 | } |
| 198 | |
| 199 | bool OpenVPNManagementServer::ProcessInfoMessage(const string &message) { |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 200 | if (!StartsWithASCII(message, ">INFO:", true)) { |
| 201 | return false; |
| 202 | } |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 203 | LOG(INFO) << message; |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 204 | return true; |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 205 | } |
| 206 | |
| 207 | bool OpenVPNManagementServer::ProcessNeedPasswordMessage( |
| 208 | const string &message) { |
| 209 | if (!StartsWithASCII(message, ">PASSWORD:Need ", true)) { |
| 210 | return false; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 211 | } |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 212 | LOG(INFO) << "Processing need-password message."; |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 213 | string tag = ParsePasswordTag(message); |
| 214 | if (tag == kPasswordTagAuth) { |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 215 | if (message.find("SC:") != string::npos) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 216 | PerformStaticChallenge(tag); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 217 | } else { |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 218 | PerformAuthentication(tag); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 219 | } |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 220 | } else if (StartsWithASCII(tag, "User-Specific TPM Token", true)) { |
| 221 | SupplyTPMToken(tag); |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 222 | } else { |
| 223 | NOTIMPLEMENTED() << ": Unsupported need-password message: " << message; |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 224 | driver_->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 225 | } |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 226 | return true; |
| 227 | } |
| 228 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 229 | // static |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 230 | string OpenVPNManagementServer::ParseSubstring(const string &message, |
| 231 | const string &start, |
| 232 | const string &end) { |
| 233 | SLOG(VPN, 2) << __func__ << "(" << message |
| 234 | << ", " << start << ", " << end << ")"; |
| 235 | DCHECK(!start.empty() && !end.empty()); |
| 236 | size_t start_pos = message.find(start); |
| 237 | if (start_pos == string::npos) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 238 | return string(); |
| 239 | } |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 240 | size_t end_pos = message.find(end, start_pos + start.size()); |
| 241 | if (end_pos == string::npos) { |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 242 | return string(); |
| 243 | } |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 244 | return message.substr(start_pos + start.size(), |
| 245 | end_pos - start_pos - start.size()); |
| 246 | } |
| 247 | |
| 248 | // static |
| 249 | string OpenVPNManagementServer::ParsePasswordTag(const string &message) { |
| 250 | return ParseSubstring(message, "'", "'"); |
| 251 | } |
| 252 | |
| 253 | // static |
| 254 | string OpenVPNManagementServer::ParsePasswordFailedReason( |
| 255 | const string &message) { |
| 256 | return ParseSubstring(message, "['", "']"); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 257 | } |
| 258 | |
| 259 | void OpenVPNManagementServer::PerformStaticChallenge(const string &tag) { |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 260 | LOG(INFO) << "Perform static challenge: " << tag; |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 261 | string user = driver_->args()->LookupString(kOpenVPNUserProperty, ""); |
| 262 | string password = driver_->args()->LookupString(kOpenVPNPasswordProperty, ""); |
| 263 | string otp = driver_->args()->LookupString(kOpenVPNOTPProperty, ""); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 264 | if (user.empty() || password.empty() || otp.empty()) { |
Darin Petkov | e08084d | 2012-06-11 13:19:35 +0200 | [diff] [blame] | 265 | NOTIMPLEMENTED() << ": Missing credentials:" |
| 266 | << (user.empty() ? " no-user" : "") |
| 267 | << (password.empty() ? " no-password" : "") |
| 268 | << (otp.empty() ? " no-otp" : ""); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 269 | driver_->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 270 | return; |
| 271 | } |
Christopher Wiley | 0f3eab3 | 2013-03-21 11:55:41 -0700 | [diff] [blame] | 272 | string b64_password; |
| 273 | string b64_otp; |
| 274 | if (!glib_->B64Encode(password, &b64_password) || |
| 275 | !glib_->B64Encode(otp, &b64_otp)) { |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 276 | LOG(ERROR) << "Unable to base64-encode credentials."; |
| 277 | return; |
| 278 | } |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 279 | SendUsername(tag, user); |
Christopher Wiley | 0f3eab3 | 2013-03-21 11:55:41 -0700 | [diff] [blame] | 280 | SendPassword(tag, StringPrintf("SCRV1:%s:%s", |
| 281 | b64_password.c_str(), |
| 282 | b64_otp.c_str())); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 283 | // Don't reuse OTP. |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 284 | driver_->args()->RemoveString(kOpenVPNOTPProperty); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 285 | } |
| 286 | |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 287 | void OpenVPNManagementServer::PerformAuthentication(const string &tag) { |
| 288 | LOG(INFO) << "Perform authentication: " << tag; |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 289 | string user = driver_->args()->LookupString(kOpenVPNUserProperty, ""); |
| 290 | string password = driver_->args()->LookupString(kOpenVPNPasswordProperty, ""); |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 291 | if (user.empty() || password.empty()) { |
| 292 | NOTIMPLEMENTED() << ": Missing credentials:" |
| 293 | << (user.empty() ? " no-user" : "") |
| 294 | << (password.empty() ? " no-password" : ""); |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 295 | driver_->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 296 | return; |
| 297 | } |
| 298 | SendUsername(tag, user); |
| 299 | SendPassword(tag, password); |
| 300 | } |
| 301 | |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 302 | void OpenVPNManagementServer::SupplyTPMToken(const string &tag) { |
Darin Petkov | 92e6561 | 2012-06-10 12:52:10 +0200 | [diff] [blame] | 303 | SLOG(VPN, 2) << __func__ << "(" << tag << ")"; |
Ben Chan | 7372878 | 2013-09-20 13:40:54 -0700 | [diff] [blame] | 304 | string pin = driver_->args()->LookupString(kOpenVPNPinProperty, ""); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 305 | if (pin.empty()) { |
Darin Petkov | 0440b9b | 2012-04-17 16:11:56 +0200 | [diff] [blame] | 306 | NOTIMPLEMENTED() << ": Missing PIN."; |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 307 | driver_->FailService(Service::kFailureInternal, Service::kErrorDetailsNone); |
Darin Petkov | e0d5dd1 | 2012-04-04 16:10:48 +0200 | [diff] [blame] | 308 | return; |
| 309 | } |
| 310 | SendPassword(tag, pin); |
| 311 | } |
| 312 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 313 | bool OpenVPNManagementServer::ProcessFailedPasswordMessage( |
| 314 | const string &message) { |
| 315 | if (!StartsWithASCII(message, ">PASSWORD:Verification Failed:", true)) { |
| 316 | return false; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 317 | } |
Darin Petkov | aba8932 | 2013-03-11 14:48:22 +0100 | [diff] [blame] | 318 | LOG(INFO) << message; |
| 319 | string reason; |
| 320 | if (ParsePasswordTag(message) == kPasswordTagAuth) { |
| 321 | reason = ParsePasswordFailedReason(message); |
| 322 | } |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 323 | driver_->FailService(Service::kFailureConnect, reason); |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 324 | return true; |
| 325 | } |
| 326 | |
Darin Petkov | 16e7032 | 2013-03-07 15:54:23 +0100 | [diff] [blame] | 327 | bool OpenVPNManagementServer::ProcessAuthTokenMessage(const string &message) { |
| 328 | if (!StartsWithASCII(message, ">PASSWORD:Auth-Token:", true)) { |
| 329 | return false; |
| 330 | } |
| 331 | LOG(INFO) << "Auth-Token message ignored."; |
| 332 | return true; |
| 333 | } |
| 334 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 335 | // >STATE:* message support. State messages are of the form: |
| 336 | // >STATE:<date>,<state>,<detail>,<local-ip>,<remote-ip> |
| 337 | // where: |
| 338 | // <date> is the current time (since epoch) in seconds |
| 339 | // <state> is one of: |
| 340 | // INITIAL, CONNECTING, WAIT, AUTH, GET_CONFIG, ASSIGN_IP, ADD_ROUTES, |
| 341 | // CONNECTED, RECONNECTING, EXITING, RESOLVE, TCP_CONNECT |
| 342 | // <detail> is a free-form string giving details about the state change |
| 343 | // <local-ip> is a dotted-quad for the local IPv4 address (when available) |
| 344 | // <remote-ip> is a dotted-quad for the remote IPv4 address (when available) |
| 345 | bool OpenVPNManagementServer::ProcessStateMessage(const string &message) { |
| 346 | if (!StartsWithASCII(message, ">STATE:", true)) { |
| 347 | return false; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 348 | } |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 349 | vector<string> details; |
| 350 | SplitString(message, ',', &details); |
| 351 | if (details.size() > 1) { |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 352 | state_ = details[1]; |
| 353 | LOG(INFO) << "OpenVPN state: " << state_; |
| 354 | if (state_ == kStateReconnecting) { |
Darin Petkov | 0cd0d1e | 2013-02-11 12:49:10 +0100 | [diff] [blame] | 355 | OpenVPNDriver::ReconnectReason reason = |
| 356 | OpenVPNDriver::kReconnectReasonUnknown; |
| 357 | if (details.size() > 2 && details[2] == "tls-error") { |
| 358 | reason = OpenVPNDriver::kReconnectReasonTLSError; |
| 359 | } |
| 360 | driver_->OnReconnecting(reason); |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 361 | } |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 362 | } |
Darin Petkov | 1c049c7 | 2013-03-21 13:15:45 +0100 | [diff] [blame] | 363 | |
Darin Petkov | 271fe52 | 2012-03-27 13:47:29 +0200 | [diff] [blame] | 364 | return true; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 365 | } |
| 366 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 367 | bool OpenVPNManagementServer::ProcessHoldMessage(const string &message) { |
| 368 | if (!StartsWithASCII(message, ">HOLD:Waiting for hold release", true)) { |
| 369 | return false; |
| 370 | } |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 371 | LOG(INFO) << "Client waiting for hold release."; |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 372 | hold_waiting_ = true; |
| 373 | if (hold_release_) { |
| 374 | ReleaseHold(); |
| 375 | } |
| 376 | return true; |
| 377 | } |
| 378 | |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 379 | bool OpenVPNManagementServer::ProcessSuccessMessage(const string &message) { |
| 380 | if (!StartsWithASCII(message, "SUCCESS: ", true)) { |
| 381 | return false; |
| 382 | } |
| 383 | LOG(INFO) << message; |
| 384 | return true; |
| 385 | } |
| 386 | |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 387 | // static |
| 388 | string OpenVPNManagementServer::EscapeToQuote(const string &str) { |
| 389 | string escaped; |
| 390 | for (string::const_iterator it = str.begin(); it != str.end(); ++it) { |
| 391 | if (*it == '\\' || *it == '"') { |
| 392 | escaped += '\\'; |
| 393 | } |
| 394 | escaped += *it; |
| 395 | } |
| 396 | return escaped; |
| 397 | } |
| 398 | |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 399 | void OpenVPNManagementServer::Send(const string &data) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 400 | SLOG(VPN, 2) << __func__; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 401 | ssize_t len = sockets_->Send(connected_socket_, data.data(), data.size(), 0); |
| 402 | PLOG_IF(ERROR, len < 0 || static_cast<size_t>(len) != data.size()) |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 403 | << "Send failed."; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 404 | } |
| 405 | |
| 406 | void OpenVPNManagementServer::SendState(const string &state) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 407 | SLOG(VPN, 2) << __func__ << "(" << state << ")"; |
Darin Petkov | 78f6326 | 2012-03-26 01:30:24 +0200 | [diff] [blame] | 408 | Send(StringPrintf("state %s\n", state.c_str())); |
Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 409 | } |
| 410 | |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 411 | void OpenVPNManagementServer::SendUsername(const string &tag, |
| 412 | const string &username) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 413 | SLOG(VPN, 2) << __func__; |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 414 | Send(StringPrintf("username \"%s\" %s\n", tag.c_str(), username.c_str())); |
| 415 | } |
| 416 | |
| 417 | void OpenVPNManagementServer::SendPassword(const string &tag, |
| 418 | const string &password) { |
Ben Chan | fad4a0b | 2012-04-18 15:49:59 -0700 | [diff] [blame] | 419 | SLOG(VPN, 2) << __func__; |
Darin Petkov | daaa553 | 2012-07-24 15:37:55 +0200 | [diff] [blame] | 420 | Send(StringPrintf("password \"%s\" \"%s\"\n", |
| 421 | tag.c_str(), |
| 422 | EscapeToQuote(password).c_str())); |
Darin Petkov | 683942b | 2012-03-27 18:00:04 +0200 | [diff] [blame] | 423 | } |
| 424 | |
Darin Petkov | a42afe3 | 2013-02-05 16:53:52 +0100 | [diff] [blame] | 425 | void OpenVPNManagementServer::SendSignal(const string &signal) { |
| 426 | SLOG(VPN, 2) << __func__ << "(" << signal << ")"; |
| 427 | Send(StringPrintf("signal %s\n", signal.c_str())); |
| 428 | } |
| 429 | |
Darin Petkov | a5e07ef | 2012-07-09 14:27:57 +0200 | [diff] [blame] | 430 | void OpenVPNManagementServer::SendHoldRelease() { |
| 431 | SLOG(VPN, 2) << __func__; |
| 432 | Send("hold release\n"); |
| 433 | } |
| 434 | |
Darin Petkov | 1c11520 | 2012-03-22 15:35:47 +0100 | [diff] [blame] | 435 | } // namespace shill |